Sesivele sikhulume ngethuluzi lethu le-GitOps izikhathi ezingaphezu kwesisodwa. , futhi kulokhu singathanda ukwabelana ngolwazi lwethu lokuhlanganisa isayithi nemibhalo yephrojekthi ngokwayo - (inguqulo yayo yesiRashiya ithi ). Lesi isiza esivamile esimile, kodwa ukuhlanganiswa kwayo kuyathakazelisa ngoba sakhiwe kusetshenziswa inombolo eguquguqukayo yezinto zobuciko.
Ngena kuma-nuances wesakhiwo sesayithi: ukukhiqiza imenyu evamile yazo zonke izinguqulo, amakhasi anolwazi mayelana nokukhishwa, njll. - thina ngeke. Kunalokho, ake sigxile ezindabeni nasezicini zokuhlanganisa okuguquguqukayo kanye nokuncane ezinqubweni ezihambisana nazo ze-CI/CD.
Isingeniso: ukuthi isiza sisebenza kanjani
Okokuqala, imibhalo ye-werf igcinwa kanye nekhodi yayo. Lokhu kubeka izidingo ezithile zentuthuko ngokuvamile ezingaphezu kobubanzi balesi sihloko, kodwa okungenani kungashiwo ukuthi:
- Imisebenzi emisha ye-werf akufanele ikhishwe ngaphandle kokubuyekeza amadokhumenti futhi, ngokuphambene, noma yiziphi izinguquko emibhalweni zisikisela ukukhululwa kwenguqulo entsha ye-werf;
- Iphrojekthi inentuthuko ejulile: izinguqulo ezintsha zingakhululwa izikhathi eziningana ngosuku;
- Noma yikuphi ukusebenza okwenziwa ngesandla ukuze kusetshenziswe isayithi ngenguqulo entsha yamadokhumenti kuyakhathaza okungenani;
- Iphrojekthi isebenzisa indlela ye-semantic , eneziteshi ezizinzile ezi-5. Inqubo yokukhishwa ibandakanya ukudlula okulandelanayo kwezinguqulo ngamashaneli ukuze kukhule ukuzinza: ukusuka ku-alpha kuye ku-rock-solid;
- Isayithi linenguqulo yolimi lwesiRashiya, "ehlala futhi ithuthuke" (okungukuthi, okuqukethwe kwayo kubuyekezwa) ngokuhambisana nenguqulo eyinhloko (okungukuthi, isiNgisi).
Ukufihla konke lokhu "ikhishi langaphakathi" kumsebenzisi, simnikeze okuthile "okusebenzayo nje", senze hlukanisa ukufakwa kwe-werf kanye nethuluzi lokubuyekeza Ingabe . Udinga nje ukucacisa inombolo yokukhishwa kanye nesiteshi sokuzinza osulungele ukusisebenzisa, futhi i-multiwerf izohlola ukuthi ikhona yini inguqulo entsha esiteshini futhi iyilande uma kunesidingo.
Kumenyu yokukhetha inguqulo kuwebhusayithi, izinguqulo zakamuva ze-werf ziyatholakala esiteshini ngasinye. Ngokuzenzakalelayo, ngekheli inguqulo yesiteshi ezinzile kakhulu yokukhishwa kwakamuva iyavuleka - iphinde ikhonjiswe yizinjini zokusesha. Amadokhumenti esiteshi atholakala emakhelini ahlukene (isibonelo, ukukhishwa kwe-beta 1.0).
Sekukonke, isayithi linezinguqulo ezilandelayo ezitholakalayo:
- impande (ivula ngokuzenzakalelayo),
- esiteshini ngasinye sokubuyekeza esisebenzayo sokukhishwa ngakunye (isibonelo, ).
Ukukhiqiza inguqulo ethile yesayithi, ngokuvamile, kwanele ukuyihlanganisa usebenzisa ngokusebenza kuhla lwemibhalo /docs umyalo ohambelana ne-werf repository (jekyll build), ngemva kokushintshela kumaka we-Git wenguqulo edingekayo.
Kusele kuphela ukwengeza ukuthi:
- insiza ngokwayo (werf) isetshenziselwa ukuhlanganisa;
- Izinqubo ze-CI/CD zakhiwe ngesisekelo se-GitLab CI;
- futhi konke lokhu, kunjalo, kusebenza eKubernetes.
Imisebenzi
Manje ake sakhe imisebenzi ecabangela yonke imininingwane echaziwe:
- Ngemva kokushintsha inguqulo ye-werf kunoma yisiphi isiteshi sokubuyekeza imibhalo kusayithi kufanele ibuyekezwe ngokuzenzakalelayo.
- Ukuze uthuthuke udinga ukwazi ngezinye izikhathi buka izinguqulo zokubuka kuqala zesayithi.
Isiza kufanele sihlanganiswe kabusha ngemva kokushintsha inguqulo kunoma yisiphi isiteshi kumathegi e-Git ahambisanayo, kodwa ngesikhathi sokwakha isithombe sizothola izici ezilandelayo:
- Njengoba uhlu lwezinguqulo eziteshini lushintsha, kuyadingeka kuphela ukwakha kabusha imibhalo yeziteshi lapho inguqulo ishintshile. Phela, ukwakha kabusha yonke into futhi akuyona into enhle kakhulu.
- Isethi yeziteshi zokukhishwa ingase ishintshe. Ngesinye isikhathi ngokuhamba kwesikhathi, ngokwesibonelo, kungase kungabi khona inguqulo eziteshini ezinzile kunokukhishwa kwe-1.1 yokufinyelela ngaphambi kwesikhathi, kodwa ngokuhamba kwesikhathi zizovela - kulokhu, akufanele yini ushintshe umhlangano mathupha?
Kuvela lokho ukuhlanganisa kuncike ekushintsheni idatha yangaphandle.
Ukuqaliswa
Ukukhetha Indlela
Kungenjalo, ungasebenzisa inguqulo ngayinye edingekayo njenge-pod ehlukile ku-Kubernetes. Le nketho isho inani elikhulu lezinto kuqoqo, elizokhula ngokukhula kwenani lokukhishwa kwe-werf okuzinzile. Futhi lokhu, kusho ukugcinwa okuyinkimbinkimbi kakhulu: inguqulo ngayinye ineseva yayo ye-HTTP, futhi inomthwalo omncane. Kunjalo, lokhu kuhlanganisa nezindleko ezinkulu zezinsiza.
Sathatha indlela efanayo ukuhlanganisa zonke izinguqulo ezidingekayo esithombeni esisodwa. Ama-statics ahlanganisiwe azo zonke izinguqulo zesayithi atholakala esitsheni esine-NGINX, futhi ithrafikhi eya ku-Deployment ehambisanayo iza nge-NGINX Ingress. Isakhiwo esilula - uhlelo lokusebenza olungenasimo - sikuvumela ukuthi ulinganise kalula Ukuthunyelwa (kuya ngomthwalo) usebenzisa i-Kubernetes ngokwayo.
Ukunemba kakhudlwana, siqoqa izithombe ezimbili: eyodwa yesifunda sokukhiqiza, eyesibili ingeyengeziwe yesifunda se-dev. Isithombe esengeziwe sisetshenziswa (sethulwe) kuphela kusekethe ye-dev kanye nesikhulu futhi siqukethe inguqulo yesayithi kusukela kusibopho sokubuyekeza, futhi umzila phakathi kwazo wenziwa kusetshenziswa izinsiza ze-Ingress.
i-werf vs git clone nama-artifacts
Njengoba sekushiwo, ukuze ukhiqize ama-statics esayithi enguqulo ethile yamadokhumenti, udinga ukwakha ngokushintshela kumaki wekhosombe afanelekile. Ungakwenza lokhu futhi ngokuhlanganisa inqolobane isikhathi ngasinye wakha, ukhethe omaka abafanele ohlwini. Kodwa-ke, lokhu kuwukusebenza okudinga kakhulu izinsiza futhi, ngaphezu kwalokho, kudinga ukubhala imiyalelo engeyona into encane ... Okunye okubi kakhulu ukuthi ngale ndlela ayikho indlela yokufihla okuthile ngesikhathi somhlangano.
Lapha insiza ye-werf ngokwayo iza ukuzosisiza, iqalise ukulondoloza isikhashana okuhlakaniphile futhi ikuvumela ukuthi usebenzise . Ukusebenzisa i-werf ukwengeza ikhodi kusuka endaweni yokugcina kuzosheshisa kakhulu ukwakha, ngoba I-werf empeleni ihlanganisa indawo yokugcina kanye bese isenza kuphela fetch uma kunesidingo. Ngaphezu kwalokho, lapho wengeza idatha kusuka endaweni yokugcina, singakhetha kuphela izinkomba ezidingekayo (kithi lolu wuhlu lwemibhalo. docs), okuzonciphisa kakhulu inani ledatha eyengeziwe.
Njengoba i-Jekyll iyithuluzi elakhelwe ukuhlanganisa idatha emile futhi ayidingeki esithombeni sokugcina, kungaba okunengqondo ukuhlanganisa , nasesithombeni sokugcina ngenisa kuphela umphumela wokuhlanganisa.
Sibhala i-werf.yaml
Ngakho-ke, sinqume ukuthi sizohlanganisa inguqulo ngayinye endaweni ehlukile ye-werf artifact. Nokho thina asazi ukuthi zingaki zalezi zinto zobuciko ezizoba khona ngesikhathi sokuhlanganiswa, ngakho-ke asikwazi ukubhala ukucushwa kokwakha okungaguquki (ukukhuluma ngokuqinile, sisengakwazi, kodwa ngeke kusebenze ngokuphelele).
i-werf ikuvumela ukuthi usebenzise kufayela lakho lokumisa (werf.yaml), futhi lokhu kwenza kwenzeke khiqiza i-config on the fly kuye ngedatha yangaphandle (okudingayo!). Idatha yangaphandle kithi iwulwazi mayelana nezinguqulo nokukhishwa, ngesisekelo lapho siqoqa inani elidingekayo lama-artifact futhi ngenxa yalokho sithola izithombe ezimbili: werf-doc ΠΈ werf-dev ukugijima kumasekethe ahlukene.
Idatha yangaphandle idluliswa ngokuguquguquka kwemvelo. Nakhu ukuqamba kwabo:
-
RELEASES- umugqa onohlu lokukhishwa kanye nenguqulo yamanje ehambisanayo ye-werf, ngendlela yohlu oluhlukaniswe isikhala lwamanani ngefomethi<ΠΠΠΠΠ _Π ΠΠΠΠΠ>%<ΠΠΠΠΠ _ΠΠΠ Π‘ΠΠ>. Isibonelo:1.0%v1.0.4-beta.20 -
CHANNELS- umugqa onohlu lwamashaneli kanye nenguqulo yamanje ehambisanayo ye-werf, ngendlela yohlu oluhlukaniswe isikhala lwamanani ngefomethi<ΠΠΠΠΠ>%<ΠΠΠΠΠ _ΠΠΠ Π‘ΠΠ>. Isibonelo:1.0-beta%v1.0.4-beta.20 1.0-alpha%v1.0.5-alpha.22 -
ROOT_VERSIONβ inguqulo ye-werf ezokhonjiswa ngokuzenzakalelayo esizeni (akudingeki ngaso sonke isikhathi ukubonisa imibhalo ngenombolo ephakeme kakhulu yokukhishwa). Isibonelo:v1.0.4-beta.20 -
REVIEW_SHA- hashi yesithembiso sokubuyekeza okudingeka wakhe kuso inguqulo ye-loop yokuhlola.
Lokhu okuguquguqukayo kuzogcwaliswa epayipini le-GitLab CI, nokuthi kubhalwe kanjani kahle ngezansi.
Okokuqala, ukuze kube lula, sichaza ku werf.yaml Hamba okuguquguqukayo kwesifanekiso, ukwabela amanani asuka kokuguquguqukayo kwemvelo:
{{ $_ := set . "WerfVersions" (cat (env "CHANNELS") (env "RELEASES") | splitList " ") }}
{{ $Root := . }}
{{ $_ := set . "WerfRootVersion" (env "ROOT_VERSION") }}
{{ $_ := set . "WerfReviewCommit" (env "REVIEW_SHA") }}
Incazelo ye-artifact yokuhlanganisa inguqulo emile yesayithi ngokuvamile iyafana kuzo zonke izimo esizidingayo (okuhlanganisa nokukhiqiza inguqulo yempande, kanye nenguqulo yesekethe ye-dev). Ngakho-ke, sizoyihambisa endaweni ehlukile sisebenzisa umsebenzi define - ukusetshenziswa kabusha okulandelayo include. Sizodlulisela izimpikiswano ezilandelayo kusifanekiso:
-
Version- inguqulo eyenziwe (igama lethegi); -
Channelβ igama lesiteshi sokuvuselela okwenzelwa sona i-artifact; -
Commit- faka i-hash, uma i-artifact yenzelwe ukubuyekezwa; - umongo.
Incazelo Yesifanekiso Se-Artifact
{{- define "doc_artifact" -}}
{{- $Root := index . "Root" -}}
artifact: doc-{{ .Channel }}
from: jekyll/builder:3
mount:
- from: build_dir
to: /usr/local/bundle
ansible:
install:
- shell: |
export PATH=/usr/jekyll/bin/:$PATH
- name: "Install Dependencies"
shell: bundle install
args:
executable: /bin/bash
chdir: /app/docs
beforeSetup:
{{- if .Commit }}
- shell: echo "Review SHA - {{ .Commit }}."
{{- end }}
{{- if eq .Channel "root" }}
- name: "releases.yml HASH: {{ $Root.Files.Get "releases.yml" | sha256sum }}"
copy:
content: |
{{ $Root.Files.Get "releases.yml" | indent 8 }}
dest: /app/docs/_data/releases.yml
{{- else }}
- file:
path: /app/docs/_data/releases.yml
state: touch
{{- end }}
- file:
path: "{{`{{ item }}`}}"
state: directory
mode: 0777
with_items:
- /app/main_site/
- /app/ru_site/
- file:
dest: /app/docs/pages_ru/cli
state: link
src: /app/docs/pages/cli
- shell: |
echo -e "werfVersion: {{ .Version }}nwerfChannel: {{ .Channel }}" > /tmp/_config_additional.yml
export PATH=/usr/jekyll/bin/:$PATH
{{- if and (ne .Version "review") (ne .Channel "root") }}
{{- $_ := set . "BaseURL" ( printf "v%s" .Channel ) }}
{{- else if ne .Channel "root" }}
{{- $_ := set . "BaseURL" .Channel }}
{{- end }}
jekyll build -s /app/docs -d /app/_main_site/{{ if .BaseURL }} --baseurl /{{ .BaseURL }}{{ end }} --config /app/docs/_config.yml,/tmp/_config_additional.yml
jekyll build -s /app/docs -d /app/_ru_site/{{ if .BaseURL }} --baseurl /{{ .BaseURL }}{{ end }} --config /app/docs/_config.yml,/app/docs/_config_ru.yml,/tmp/_config_additional.yml
args:
executable: /bin/bash
chdir: /app/docs
git:
- url: https://github.com/flant/werf.git
to: /app/
owner: jekyll
group: jekyll
{{- if .Commit }}
commit: {{ .Commit }}
{{- else }}
tag: {{ .Version }}
{{- end }}
stageDependencies:
install: ['docs/Gemfile','docs/Gemfile.lock']
beforeSetup: '**/*'
includePaths: 'docs'
excludePaths: '**/*.sh'
{{- end }}
Igama le-artifact kufanele lihluke. Lokhu singakufeza, ngokwesibonelo, ngokwengeza igama lesiteshi (inani lokuguquguquka .Channel) njengesijobelelo egameni le-artifact: artifact: doc-{{ .Channel }}. Kodwa udinga ukuqonda ukuthi uma ungenisa kusuka ezintweni zobuciko, uzodinga ukubhekisela kumagama afanayo.
Uma kuchazwa i-artifact, kusetshenziswa isici se-werf esilandelayo: . Ukukhweza okubonisa uhla lwemibhalo lwesevisi build_dir ikuvumela ukuthi ulondoloze inqolobane ye-Jekyll phakathi kokugijima kwepayipi, okuyinto isheshisa kakhulu ukuhlanganisa kabusha.
Kungenzeka futhi ukuthi uqaphele ukusetshenziswa kwefayela releases.yml yifayela le-YAML elinedatha yokukhishwa ecelwe kuyo (i-artifact etholwe ngenkathi kwenziwa ipayipi). Kudingeka lapho kuhlanganiswa isayithi, kodwa kumongo we-athikili kuyathakazelisa kithi ngoba kuncike esimweni sayo ukuhlangana kabusha kwe-artifact eyodwa kuphela - i-artifact yenguqulo yezimpande zesayithi (ayidingeki kwezinye izinto zobuciko).
Lokhu kwenziwa kusetshenziswa isitatimende esinemibandela if Hamba izifanekiso nemiklamo {{ $Root.Files.Get "releases.yml" | sha256sum }} esiteji . Isebenza ngale ndlela elandelayo: lapho wakha i-artifact yenguqulo yempande (okuguquguqukayo .Channel ilingana ne root) ifayela hash releases.yml ithinta isignesha yesiteji sonke, njengoba iyingxenye yegama lomsebenzi ongenakulinganiswa (ipharamitha name). Ngakho-ke, lapho ushintsha okuqukethwe ifayela releases.yml i-artifact ehambisanayo izohlanganiswa kabusha.
Sicela futhi unake ukusebenza ngendawo yokugcina yangaphandle. Emfanekisweni we-artifact evela , uhla lwemibhalo kuphela lwengeziwe /docs, futhi kuye ngamapharamitha aphasisiwe, idatha yethegi edingekayo noma isithembiso sokubuyekeza yengezwa ngokushesha.
Ukuze usebenzise isifanekiso se-artifact ukwenza incazelo ye-artifact yezinguqulo ezidlulisiwe zamashaneli nokukhishwa, sihlela iluphu kokuguquguqukayo. .WerfVersions Π² werf.yaml:
{{ range .WerfVersions -}}
{{ $VersionsDict := splitn "%" 2 . -}}
{{ dict "Version" $VersionsDict._1 "Channel" $VersionsDict._0 "Root" $Root | include "doc_artifact" }}
---
{{ end -}}
Ngoba i-loop izokhiqiza izinto zobuciko eziningana (sithemba kanjalo), kuyadingeka ukucabangela isihlukanisi phakathi kwabo - ukulandelana --- (Ukuze uthole ulwazi olwengeziwe mayelana ne-syntax yefayela lokumisa, bheka ). Njengoba kuchaziwe ngaphambili, lapho sibiza isifanekiso ku-loop, sidlula amapharamitha enguqulo, i-URL nomsuka wokuqukethwe.
Ngokufanayo, kodwa ngaphandle kweluphu, sibiza ithempulethi ye-artifact "yamacala akhethekile": yenguqulo yempande, kanye nenguqulo evela kusivumelwano sokubuyekeza:
{{ dict "Version" .WerfRootVersion "Channel" "root" "Root" $Root | include "doc_artifact" }}
---
{{- if .WerfReviewCommit }}
{{ dict "Version" "review" "Channel" "review" "Commit" .WerfReviewCommit "Root" $Root | include "doc_artifact" }}
{{- end }}
Sicela uqaphele ukuthi i-artifact yesibopho sokubuyekeza izokwakhiwa kuphela uma okuguquguqukayo kusethiwe .WerfReviewCommit.
Ama-artifact aselungile - sekuyisikhathi sokuqala ukungenisa!
Isithombe sokugcina, esiklanyelwe ukusebenza ku-Kubernetes, i-NGINX evamile enefayela lokumisa iseva elingeziwe. nginx.conf futhi i-static evela kuma-artifact. Ngokungeziwe ku-artifact yenguqulo yempande yesayithi, sidinga ukuphinda iluphu kokuguquguqukayo .WerfVersions ukungenisa ama-artifact esiteshi kanye nezinguqulo ezikhishiwe + landela isimiso sokuqamba i-artifact esasisebenzisa ekuqaleni. Njengoba i-artifact ngayinye igcina izinguqulo zesayithi zezilimi ezimbili, sizingenisa ezindaweni ezihlinzekwe ukucushwa.
Incazelo yesithombe sokugcina se-werf-doc
image: werf-doc
from: nginx:stable-alpine
ansible:
setup:
- name: "Setup /etc/nginx/nginx.conf"
copy:
content: |
{{ .Files.Get ".werf/nginx.conf" | indent 8 }}
dest: /etc/nginx/nginx.conf
- file:
path: "{{`{{ item }}`}}"
state: directory
mode: 0777
with_items:
- /app/main_site/assets
- /app/ru_site/assets
import:
- artifact: doc-root
add: /app/_main_site
to: /app/main_site
before: setup
- artifact: doc-root
add: /app/_ru_site
to: /app/ru_site
before: setup
{{ range .WerfVersions -}}
{{ $VersionsDict := splitn "%" 2 . -}}
{{ $Channel := $VersionsDict._0 -}}
{{ $Version := $VersionsDict._1 -}}
- artifact: doc-{{ $Channel }}
add: /app/_main_site
to: /app/main_site/v{{ $Channel }}
before: setup
{{ end -}}
{{ range .WerfVersions -}}
{{ $VersionsDict := splitn "%" 2 . -}}
{{ $Channel := $VersionsDict._0 -}}
{{ $Version := $VersionsDict._1 -}}
- artifact: doc-{{ $Channel }}
add: /app/_ru_site
to: /app/ru_site/v{{ $Channel }}
before: setup
{{ end -}}Isithombe esengeziwe, esihlangene nesiyinhloko, esethulwe kusekethe ye-dev, siqukethe izinguqulo ezimbili kuphela zesayithi: inguqulo evela kusivumelwano sokubuyekeza kanye nenguqulo yezimpande zesayithi (kunezimpahla ezijwayelekile futhi, uma ukhumbula , khipha idatha). Ngakho-ke, isithombe esengeziwe sizohluka kwesiyinhloko kuphela esigabeni sokungenisa (futhi, yiqiniso, egameni):
image: werf-dev
...
import:
- artifact: doc-root
add: /app/_main_site
to: /app/main_site
before: setup
- artifact: doc-root
add: /app/_ru_site
to: /app/ru_site
before: setup
{{- if .WerfReviewCommit }}
- artifact: doc-review
add: /app/_main_site
to: /app/main_site/review
before: setup
- artifact: doc-review
add: /app/_ru_site
to: /app/ru_site/review
before: setup
{{- end }}
Njengoba kuphawuliwe ngenhla, i-artifact yesibopho sokubuyekeza izokhiqizwa kuphela uma isethi eguquguqukayo yemvelo isetshenziswa REVIEW_SHA. Kungenzeka ukuthi ungakhiqizi isithombe se-werf-dev nhlobo uma kungekho okuguquguqukayo kwemvelo REVIEW_SHA, kodwa ukuze Izithombe ze-Docker ku-werf zisebenzele isithombe se-werf-dev, sizosishiya ukuthi sakhiwe kuphela nge-artifact yenguqulo yempande (seyakhiwe noma kunjalo), ukuze senze ukwakheka kwepayipi kube lula.
Umhlangano usulungile! Masiqhubekele ku-CI/CD nama-nuances abalulekile.
Ipayipi ku-GitLab CI nezici zesakhiwo esiguqukayo
Lapho sisebenza ukwakha sidinga ukusetha okuguquguqukayo kwemvelo okusetshenziswe kuyo werf.yaml. Lokhu akusebenzi ekuguquguqukeni kwe-REVIEW_SHA, esizosetha lapho sibiza ipayipi ukusuka kuhhuku ye-GitHub.
Sizokhiqiza idatha yangaphandle edingekayo kusikripthi se-Bash generate_artifacts, ezokhiqiza amapayipi amabili e-GitLab:
- ifayela
releases.ymlnedatha yokukhishwa, - ifayela
common_envs.sh, equkethe okuguquguqukayo kwemvelo okumele kuthunyelwe.
Okuqukethwe kwefayela generate_artifacts uzoyithola kweyethu . Ukwamukela idatha ngokwako akusona isihloko se-athikili, kodwa ifayela common_envs.sh kubalulekile kithi, ngoba umsebenzi werf uncike kuwo. Isibonelo sokuqukethwe kwayo:
export RELEASES='1.0%v1.0.6-4'
export CHANNELS='1.0-alpha%v1.0.7-1 1.0-beta%v1.0.7-1 1.0-ea%v1.0.6-4 1.0-stable%v1.0.6-4 1.0-rock-solid%v1.0.6-4'
export ROOT_VERSION='v1.0.6-4'
Ungasebenzisa okukhiphayo kweskripthi esinjalo, isibonelo, usebenzisa umsebenzi we-Bash source.
Manje kufika ingxenye ejabulisayo. Ukuze kokubili ukwakhiwa nokuthunyelwa kwesicelo kusebenze ngendlela efanele, kuyadingeka ukuqinisekisa lokho werf.yaml kwaba okufanayo okungenani ngaphakathi kwepayipi elilodwa. Uma lesi simo singahlangatshezwana nayo, khona-ke amasignesha ezigaba ezibalwa yi-werf ngesikhathi sokuhlanganiswa futhi, isibonelo, ukuthunyelwa, azohluka. Lokhu kuzoholela ephutheni lokuthunyelwa, ngoba... isithombe esidingekayo ukuze kusetshenziswe sizobe singekho.
Ngamanye amazwi, uma ngesikhathi sokuhlanganiswa kwesithombe sesayithi ulwazi mayelana nokukhishwa nezinguqulo lufana, futhi ngesikhathi sokuthunyelwa kukhishwa inguqulo entsha futhi okuguquguqukayo kwemvelo kunamanani ahlukene, khona-ke ukuthunyelwa kuzohluleka ngephutha: phela, i-artifact yenguqulo entsha ayikakhiwa.
Uma isizukulwane werf.yaml kuncike kudatha yangaphandle (isibonelo, uhlu lwezinguqulo zamanje, njengakithi), khona-ke ukwakheka namanani anjalo idatha kufanele kurekhodwe ngaphakathi kwepayipi. Lokhu kubaluleke kakhulu uma amapharamitha angaphandle eshintsha kaningi.
Sizokwenza kanjalo thola futhi urekhode idatha yangaphandle esigabeni sokuqala sepayipi e-GitLab (Yakha ngaphambilini) futhi uwadlulisele efomini I-artifact ye-GitLab CI. Lokhu kuzokuvumela ukuthi uqalise futhi uqale kabusha imisebenzi yamapayipi (ukwakha, ukukhipha, ukuhlanza) ngokucushwa okufanayo werf.yaml.
Okuqukethwe esiteji Yakha ngaphambilini ifayela .gitlab-ci.yml:
Prebuild:
stage: prebuild
script:
- bash ./generate_artifacts 1> common_envs.sh
- cat ./common_envs.sh
artifacts:
paths:
- releases.yml
- common_envs.sh
expire_in: 2 weekNgemva kokuthwebula idatha yangaphandle ku-artifact, ungakha futhi usebenzise izigaba zamapayipi ezijwayelekile ze-GitLab CI: Yakha futhi Uphakele. Sethula ipayipi ngokwalo sisebenzisa amahhuku asuka kunqolobane ye-werf GitHub (okungukuthi, uma kukhona izinguquko endaweni yokugcina ye-GitHub). Idatha yabo ingatholakala kuzakhiwo zephrojekthi ye-GitLab esigabeni Izilungiselelo ze-CI/CD -> Izibangeli zepayipi, bese udala i-Webhook ehambisanayo ku-GitHub (Izilungiselelo -> Ama-Webhooks).
Isiteji sokwakha sizobukeka kanje:
Build:
stage: build
script:
- type multiwerf && . $(multiwerf use 1.0 alpha --as-file)
- type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
- source common_envs.sh
- werf build-and-publish --stages-storage :local
except:
refs:
- schedules
dependencies:
- Prebuild
I-GitLab izongeza ama-artifact amabili ukusuka esiteji kuya esigabeni sokwakha Yakha ngaphambilini, ngakho-ke sithekelisa okuguquguqukayo ngedatha yokufaka elungisiwe kusetshenziswa ukwakhiwa source common_envs.sh. Siqala isigaba sokwakha kuzo zonke izimo, ngaphandle kokwethula ipayipi ngokweshejuli. Ngokweshejuli, sizosebenzisa ipayipi lokuhlanza - kulokhu asikho isidingo sokwenza umhlangano.
Esigabeni sokuphakelwa, sizochaza imisebenzi emibili - ngokwehlukana ukuze ithunyelwe kumasekethe okukhiqiza kanye ne-dev, sisebenzisa isifanekiso se-YAML:
.base_deploy: &base_deploy
stage: deploy
script:
- type multiwerf && . $(multiwerf use 1.0 alpha --as-file)
- type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
- source common_envs.sh
- werf deploy --stages-storage :local
dependencies:
- Prebuild
except:
refs:
- schedules
Deploy to Production:
<<: *base_deploy
variables:
WERF_KUBE_CONTEXT: prod
environment:
name: production
url: werf.io
only:
refs:
- master
except:
variables:
- $REVIEW_SHA
refs:
- schedules
Deploy to Test:
<<: *base_deploy
variables:
WERF_KUBE_CONTEXT: dev
environment:
name: test
url: werf.test.flant.com
except:
refs:
- schedules
only:
variables:
- $REVIEW_SHA
Imisebenzi empeleni ihluka kuphela ekuboniseni umongo weqoqo lapho i-werf kufanele isebenze khona (WERF_KUBE_CONTEXT), nokusetha okuguquguqukayo kwemvelo ye-loop (environment.name ΠΈ environment.url), abese esetshenziswa kuzifanekiso zeshadi le-Helm. Ngeke sinikeze okuqukethwe kwezifanekiso, ngoba... akukho okuthakazelisayo lapho ngesihloko okukhulunywa ngaso, kodwa ungakuthola kuso .
ukuthinta kokugcina
Njengoba izinguqulo ze-werf zikhishwa kaningi, izithombe ezintsha zizokwakhiwa njalo, futhi i-Docker Registry izokhula njalo. Ngakho-ke, kubalulekile ukulungisa ukuhlanzwa kwesithombe okuzenzakalelayo ngokusekelwe kuzinqubomgomo. Kulula kakhulu ukwenza.
Ukuze usebenzise uzodinga:
- Engeza isinyathelo sokuhlanza ku
.gitlab-ci.yml; - Engeza ukwenziwa ngezikhathi ezithile komsebenzi wokuhlanza;
- Setha okuguquguqukayo kwendawo ngethokheni yokufinyelela kokubhala.
Ukwengeza isiteji sokuhlanza ku .gitlab-ci.yml:
Cleanup:
stage: cleanup
script:
- type multiwerf && . $(multiwerf use 1.0 alpha --as-file)
- type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
- source common_envs.sh
- docker login -u nobody -p ${WERF_IMAGES_CLEANUP_PASSWORD} ${WERF_IMAGES_REPO}
- werf cleanup --stages-storage :local
only:
refs:
- schedules
Sesivele sikubonile cishe konke lokhu kuphakeme kancane - ukukuhlanza kuphela udinga ukungena kuqala ku-Docker Registry ngethokheni enamalungelo okususa izithombe ku-Docker Registry (ithokheni ye-GitLab CI ekhishwe ngokuzenzakalelayo ayikwenzi lokho. unamalungelo anjalo). Ithokheni kufanele idalwe ku-GitLab kusenesikhathi futhi inani layo kufanele licaciswe kokuguquguquka kwemvelo WERF_IMAGES_CLEANUP_PASSWORD iphrojekthi (Izilungiselelo ze-CI/CD -> Okuguquguqukayo).
Ukwengeza umsebenzi wokuhlanza ngeshejuli edingekayo kwenziwa ku CI/CD ->
Amashejuli.
Yilokho kuphela: iphrojekthi ku-Docker Registry ngeke isakhula njalo isuka ezithombeni ezingasetshenzisiwe.
Ekupheleni kwengxenye esebenzayo, ake ngikukhumbuze ukuthi ukufakwa kuhlu okugcwele okuvela esihlokweni kuyatholakala ku :
- ;
- .
Umphumela
- Sithole ukwakheka kokuhlanganisa okunengqondo: i-artifact eyodwa ngenguqulo ngayinye.
- Umhlangano ungowomhlaba wonke futhi awudingi izinguquko ezenziwa mathupha lapho kukhishwa izinguqulo ezintsha ze-werf: imibhalo ekuwebhusayithi ibuyekezwa ngokuzenzakalelayo.
- Izithombe ezimbili ziqoqwe kumakhonsathi ahlukene.
- Isebenza ngokushesha, ngoba Ukugcinwa kunqolobane kusetshenziswa kakhulu ngangokunokwenzeka - uma inguqulo entsha ye-werf ikhishwa noma ihhuku ye-GitHub ibizelwa isivumelwano sokubuyekeza, yi-artifact ehambisanayo kuphela nenguqulo eshintshiwe eyakhiwa kabusha.
- Asikho isidingo sokucabanga ngokususa izithombe ezingasetshenzisiwe: ukuhlanza ngokwezinqubomgomo ze-werf kuzogcina i-Docker Registry ihlelekile.
okutholakele
- Ukusebenzisa i-werf kuvumela ukuhlanganiswa ukuthi kusebenze ngokushesha ngenxa yokugcinwa kwesikhashana kokubili komhlangano ngokwawo kanye nokugcinwa kunqolobane lapho usebenza nezinqolobane zangaphandle.
- Ukusebenza namakhosombe e-Git angaphandle kususa isidingo sokuhlanganisa yonke inqolobane isikhathi ngasinye noma ukusungula kabusha isondo ngomqondo wokusebenzisa okhohlisayo. I-werf isebenzisa inqolobane futhi yenza i-cloning kanye kuphela, bese isebenzisa
fetchfuthi kuphela uma kunesidingo. - Ikhono lokusebenzisa izifanekiso ze-Go kufayela lokucushwa kokwakha
werf.yamlikuvumela ukuthi uchaze inhlanganisela umphumela wayo uncike kudatha yangaphandle. - Ukusebenzisa i-mount in werf kusheshisa kakhulu ukuqoqwa kwezinto zobuciko - ngenxa yenqolobane, evamile kuwo wonke amapayipi.
- i-werf yenza kube lula ukumisa ukuhlanza, okubaluleke kakhulu uma wakha ngokuguquguqukayo.
PS
Funda futhi kubhulogi yethu:
- Β«";
- Β«";
- Β«";
- Β«".
Source: www.habr.com